HELLO v3!!!

app/views/cli/core/banner.erb

@@ -0,0 +1,14 @@
+_______________________________________________________________
+        __          _______   _____
+        \ \        / /  __ \ / ____|
+         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
+          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
+           \  /\  /  | |     ____) | (__| (_| | | | |
+            \/  \/   |_|    |_____/ \___|\__,_|_| |_|
+
+        WordPress Security Scanner by the WPScan Team
+                       Version <%= WPScan::VERSION %>
+          Sponsored by Sucuri - https://sucuri.net
+      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
+_______________________________________________________________
+

app/views/cli/core/db_update_finished.erb

@@ -0,0 +1,8 @@
+<% if @verbose && !@updated.empty? -%>
+<%= notice_icon %> File(s) Updated:
+<% @updated.each do |file| -%>
+ |  <%= file %>
+<% end -%>
+<% end -%>
+<%= notice_icon %> Update completed.
+

app/views/cli/core/db_update_started.erb

@@ -0,0 +1 @@
+<%= notice_icon %> Updating the Database ...

app/views/cli/core/not_fully_configured.erb

@@ -0,0 +1 @@
+<%= critical_icon %> The Website is not fully configured and currently in install mode. Create a new admin user at <%= @url %>

app/views/cli/core/version.erb

@@ -0,0 +1,5 @@
+Current Version: <%= WPScan::VERSION %>
+<% if @last_update -%>
+Last DB Update: <%= @last_update.strftime('%Y-%m-%d') %>
+<% end -%>
+

app/views/cli/enumeration/config_backups.erb

@@ -0,0 +1,11 @@
+
+<% if @config_backups.empty? -%>
+<%= notice_icon %> No Config Backups Found.
+<% else -%>
+<%= notice_icon %> Config Backup(s) Identified:
+<% @config_backups.each do |config_backup| -%>
+
+<%= info_icon %> <%= config_backup %>
+<%= render('@finding', item: config_backup) -%>
+<% end -%>
+<% end %>

app/views/cli/enumeration/db_exports.erb

@@ -0,0 +1,11 @@
+
+<% if @db_exports.empty? -%>
+<%= notice_icon %> No DB Exports Found.
+<% else -%>
+<%= notice_icon %> Db Export(s) Identified:
+<% @db_exports.each do |db_export| -%>
+
+<%= info_icon %> <%= db_export %>
+<%= render('@finding', item: db_export) -%>
+<% end -%>
+<% end %>

app/views/cli/enumeration/medias.erb

@@ -0,0 +1,11 @@
+
+<% if @medias.empty? -%>
+<%= notice_icon %> No Medias Found.
+<% else -%>
+<%= notice_icon %> Medias(s) Identified:
+<% @medias.each do |media| -%>
+
+<%= info_icon %> <%= media %>
+<%= render('@finding', item: media) -%>
+<% end -%>
+<% end %>

app/views/cli/enumeration/plugins.erb

@@ -0,0 +1,20 @@
+
+<% if @plugins.empty? -%>
+<%= notice_icon %> No plugins Found.
+<% else -%>
+<%= notice_icon %> Plugin(s) Identified:
+<% @plugins.each do |plugin| -%>
+
+<%= info_icon %> <%= plugin %>
+<%= render('@wp_item', wp_item: plugin) -%>
+ |
+<%= render('@finding', item: plugin) -%>
+ |
+<% if plugin.version -%>
+ | Version: <%= plugin.version %> (<%= plugin.version.confidence %>% confidence)
+<%= render('@finding', item: plugin.version) -%>
+<% else -%>
+ | The version could not be determined.
+<% end -%>
+<% end -%>
+<% end %>

app/views/cli/enumeration/themes.erb

@@ -0,0 +1,11 @@
+
+<% if @themes.empty? -%>
+<%= notice_icon %> No themes Found.
+<% else -%>
+<%= notice_icon %> Theme(s) Identified:
+<% @themes.each do |theme| -%>
+
+<%= info_icon %> <%= theme %>
+<%= render('@theme', theme: theme, show_parents: false) -%>
+<% end -%>
+<% end %>

app/views/cli/enumeration/timthumbs.erb

@@ -0,0 +1,18 @@
+
+<% if @timthumbs.empty? -%>
+<%= notice_icon %> No Timthumbs Found.
+<% else -%>
+<%= notice_icon %> Timthumb(s) Identified:
+<% @timthumbs.each do |timthumb| -%>
+
+<%= info_icon %> <%= timthumb %>
+<%= render('@finding', item: timthumb) -%>
+ |
+<% if timthumb.version -%>
+ | Version: <%= timthumb.version %>
+<%= render('@finding', item: timthumb.version) -%>
+<% else -%>
+ | The version could not be determined.
+<% end -%>
+<% end -%>
+<% end %>

app/views/cli/enumeration/users.erb

@@ -0,0 +1,11 @@
+
+<% if @users.empty? -%>
+<%= notice_icon %> No Users Found.
+<% else -%>
+<%= notice_icon %> User(s) Identified:
+<% @users.each do |user| -%>
+
+<%= info_icon %> <%= user %>
+<%= render('@finding', item: user) -%>
+<% end -%>
+<% end %>

app/views/cli/finding.erb

@@ -0,0 +1,32 @@
+ | Detected By: <%= @item.found_by %>
+<% @item.interesting_entries.each do |entry| -%>
+ |  - <%= entry %>
+<% end -%>
+<% unless (confirmed = @item.confirmed_by).empty? -%>
+<% if confirmed.size == 1 -%>
+ | Confirmed By: <%= confirmed.first.found_by %>
+<% confirmed.first.interesting_entries.each do |entry| -%>
+ |  - <%= entry %>
+<% end -%>
+<% else -%>
+ | Confirmed By:
+<% confirmed.each do |c| -%>
+ |  <%= c.found_by %>
+<% c.interesting_entries.each do |entry| -%>
+ |   - <%= entry %>
+<% end -%>
+<% end -%>
+<% end -%>
+<% end -%>
+<% if @item.respond_to?(:vulnerabilities) && !(vulns = @item.vulnerabilities).empty? -%>
+<% vulns_size = vulns.size -%>
+ |
+ | <%= critical_icon %> <%= vulns_size %> <%= vulns_size == 1 ? 'vulnerability' : 'vulnerabilities' %> identified:
+ |
+<% vulns.each_with_index do |vulnerability, index| -%>
+<%= render('@vulnerability', v: vulnerability) -%>
+<% if index != vulns_size -1 -%>
+ |
+<% end -%>
+<% end -%>
+<% end -%>

app/views/cli/info.erb

@@ -0,0 +1 @@
+<%= info_icon %> <%= @msg %>

app/views/cli/main_theme/theme.erb

@@ -0,0 +1,6 @@
+<% if @theme -%>
+<%= info_icon %> WordPress theme in use: <%= @theme %>
+<%= render('@theme', theme: @theme, show_parents: true) -%>
+<% else -%>
+<%= notice_icon %> The main theme could not be detected.
+<% end %>

app/views/cli/notice.erb

@@ -0,0 +1 @@
+<%= notice_icon %> <%= @msg %>

app/views/cli/password_attack/users.erb

@@ -0,0 +1,9 @@
+
+<% if @users.empty? -%>
+<%= notice_icon %> No Valid Passwords Found.
+<% else -%>
+<%= notice_icon %> Valid Combinations Found:
+<% @users.each do |user| -%>
+ | Username: <%= user.username %>, Password: <%= user.password %>
+<% end -%>
+<% end %>

app/views/cli/theme.erb

@@ -0,0 +1,49 @@
+<%= render('@wp_item', wp_item: @theme) -%>
+ | Style URL: <%= @theme.style_url %>
+<% if @theme.style_name -%>
+ | Style Name: <%= @theme.style_name %>
+<% end -%>
+<% if @theme.style_uri -%>
+ | Style URI: <%= @theme.style_uri %>
+<% end -%>
+<% if @theme.description -%>
+ | Description: <%= @verbose ? @theme.description : @theme.description[0, 100] + '...' %>
+<% end -%>
+<% if @theme.author -%>
+ | Author: <%= @theme.author %>
+<% end -%>
+<% if @theme.author_uri -%>
+ | Author URI: <%= @theme.author_uri %>
+<% end -%>
+<% if @theme.template && @verbose -%>
+ | Template: <%= @theme.template %>
+<% end -%>
+<% if @theme.license && @verbose -%>
+ | License: <%= @theme.license %>
+<% end -%>
+<% if @theme.license_uri && @verbose -%>
+ | License URI: <%= @theme.license_uri %>
+<% end -%>
+<% if @theme.tags && @verbose -%>
+ | Tags: <%= @theme.tags %>
+<% end -%>
+<% if @theme.text_domain && @verbose -%>
+ | Text Domain: <%= @theme.text_domain %>
+<% end -%>
+ |
+<%= render('@finding', item: @theme) -%>
+ |
+<% if @theme.version -%>
+ | Version: <%= @theme.version %> (<%= @theme.version.confidence %>% confidence)
+<%= render('@finding', item: @theme.version) -%>
+<% else -%>
+ | The version could not be determined.
+<% end -%>
+<% if @show_parents && !(parents = @theme.parent_themes).empty? -%>
+ |
+ | Parent Theme(s):
+<% parents.each do |parent| -%>
+ |
+<%= render('@theme', theme: parent, show_parents: false) -%>
+<% end -%>
+<% end -%>

app/views/cli/usage.erb

@@ -0,0 +1,3 @@
+<%= @msg %>
+
+Please use --help/-h for the list of available options.

app/views/cli/vulnerability.erb

@@ -0,0 +1,14 @@
+ | <%= critical_icon %> Title: <%= @v.title %>
+<% if @v.fixed_in -%>
+ |     Fixed in: <%= @v.fixed_in %>
+<% end -%>
+<% unless (references = @v.references_urls).empty? -%>
+<% if references.size == 1 -%>
+ |     Reference: <%= references.first %>
+<% else -%>
+ |     References:
+<% references.each do |ref| -%>
+ |      - <%= ref %>
+<% end -%>
+<% end -%>
+<% end -%>

app/views/cli/wp_item.erb

@@ -0,0 +1,22 @@
+ | Location: <%= @wp_item.url %>
+<% if @wp_item.latest_version && !@wp_item.outdated? -%>
+ | Latest Version: <%= @wp_item.latest_version %><% if @wp_item.version %> (up to date)<% end %>
+<% end -%>
+<% if @wp_item.last_updated -%>
+ | Last Updated: <%= @wp_item.last_updated %>
+<% end -%>
+<% if @wp_item.readme_url -%>
+ | Readme: <%= @wp_item.readme_url %>
+<% end -%>
+<% if @wp_item.changelog_url -%>
+ | Changelog: <%= @wp_item.changelog_url %>
+<% end -%>
+<% if @wp_item.latest_version && @wp_item.outdated? -%>
+ | <%= warning_icon %> The version is out of date, the latest version is <%= @wp_item.latest_version %>
+<% end -%>
+<% if @wp_item.directory_listing? -%>
+ | <%= critical_icon %> Directory listing is enabled
+<% end -%>
+<% if @wp_item.error_log? -%>
+ | <%= critical_icon %> An error log file has been found: <%= @wp_item.url('error_log') %>
+<% end -%>

app/views/cli/wp_version/version.erb

@@ -0,0 +1,6 @@
+<% if @version -%>
+<%= info_icon %> WordPress version <%= @version.number %> identified.
+<%= render('@finding', item: @version) -%>
+<% else -%>
+<%= notice_icon %> The WordPress version could not be detected.
+<% end %>

app/views/json/core/banner.erb

@@ -0,0 +1,11 @@
+"banner": {
+"description": "WordPress Security Scanner by the WPScan Team",
+  "version": <%= WPScan::VERSION.to_json %>,
+  "authors": [
+    "@_WPScan_",
+    "@ethicalhack3r",
+    "@erwan_lr",
+    "@_FireFart_"
+  ],
+  "sponsored_by": "Sucuri - https://sucuri.net"
+},

app/views/json/core/db_update_finished.erb

@@ -0,0 +1,2 @@
+"db_files_updated": <%= @updated.to_json %>,
+"db_update_finished": true,

app/views/json/core/db_update_started.erb

@@ -0,0 +1 @@
+"db_update_started": true,

app/views/json/core/not_fully_configured.erb

@@ -0,0 +1 @@
+"not_fully_configured": "The Website is not fully configured and currently in install mode. Create a new admin user at <%= @url %>",

app/views/json/core/version.erb

@@ -0,0 +1,2 @@
+"version": <%= WPScan::VERSION.to_json %>,
+"last_db_update": <%= @last_update.to_json %>,

app/views/json/enumeration/config_backups.erb

@@ -0,0 +1,10 @@
+"config_backups": {
+<% unless @config_backups.empty? -%>
+<% last_index = @config_backups.size - 1 -%>
+<% @config_backups.each_with_index do |config_backup, index| -%>
+  <%= config_backup.url.to_json %>: {
+    <%= render('@finding', item: config_backup) -%>
+  }<% unless index == last_index -%>,<% end -%>
+<% end -%>
+<% end -%>
+},

app/views/json/enumeration/db_exports.erb

@@ -0,0 +1,10 @@
+"db_exports": {
+<% unless @db_exports.empty? -%>
+<% last_index = @db_exports.size - 1 -%>
+<% @db_exports.each_with_index do |db_export, index| -%>
+  <%= db_export.url.to_json %>: {
+    <%= render('@finding', item: db_export) -%>
+  }<% unless index == last_index -%>,<% end -%>
+<% end -%>
+<% end -%>
+},

app/views/json/enumeration/medias.erb

@@ -0,0 +1,10 @@
+"medias": {
+<% unless @medias.empty? -%>
+<% last_index = @medias.size - 1 -%>
+<% @medias.each_with_index do |media, index| -%>
+  <%= media.url.to_json %>: {
+    <%= render('@finding', item: media) -%>
+  }<% unless index == last_index -%>,<% end -%>
+<% end -%>
+<% end -%>
+},

app/views/json/enumeration/plugins.erb

@@ -0,0 +1,20 @@
+"plugins": {
+<% unless @plugins.empty? -%>
+<% last_index = @plugins.size - 1 -%>
+<% @plugins.each_with_index do |plugin, index| -%>
+  <%= plugin.slug.to_json %>: {
+    <%= render('@wp_item', wp_item: plugin) %>,
+    <%= render('@finding', item: plugin) -%>,
+    <% if plugin.version -%>
+    "version": {
+      "number": <%= plugin.version.number.to_json %>,
+      "confidence": <%= plugin.version.confidence.to_json %>,
+      <%= render('@finding', item: plugin.version) -%>
+    }
+    <% else -%>
+    "version": null
+    <% end -%>
+  }<% unless index == last_index -%>,<% end -%>
+<% end -%>
+<% end -%>
+},

app/views/json/enumeration/themes.erb

@@ -0,0 +1,10 @@
+"themes": {
+<% unless @themes.empty? -%>
+<% last_index = @themes.size - 1 -%>
+<% @themes.each_with_index do |theme, index| -%>
+  <%= theme.slug.to_json %>: {
+    <%= render('@theme', theme: theme) -%>
+  }<% unless index == last_index -%>,<% end -%>
+<% end -%>
+<% end -%>
+},

app/views/json/enumeration/timthumbs.erb

@@ -0,0 +1,19 @@
+"timthumbs": {
+<% unless @timthumbs.empty? -%>
+<% last_index = @timthumbs.size - 1 -%>
+<% @timthumbs.each_with_index do |timthumb, index| -%>
+  <%= timthumb.url.to_json %>: {
+    <%= render('@finding', item: timthumb) -%>,
+    <% if timthumb.version -%>
+    "version": {
+      "number": <%= timthumb.version.number.to_json %>,
+      "confidence": <%= timthumb.version.confidence.to_json %>,
+      <%= render('@finding', item: timthumb.version) -%>
+    }
+    <% else -%>
+    "version": null
+    <% end -%>
+  }<% unless index == last_index -%>,<% end -%>
+<% end -%>
+<% end -%>
+},

app/views/json/enumeration/users.erb

@@ -0,0 +1,11 @@
+"users": {
+<% unless @users.empty? -%>
+<% last_index = @users.size - 1 -%>
+<% @users.each_with_index do |user, index| -%>
+  <%= user.username.to_json %>: {
+    "id": <%= user.id.to_json %>,
+    <%= render('@finding', item: user) -%>
+  }<% unless index == last_index -%>,<% end -%>
+<% end -%>
+<% end -%>
+},

app/views/json/finding.erb

@@ -0,0 +1,26 @@
+"found_by": <%= @item.found_by.to_json %>,
+"confidence": <%= @item.confidence.to_json %>,
+"interesting_entries": <%= @item.interesting_entries.to_json %>,
+"confirmed_by": {
+<% unless (confirmed = @item.confirmed_by).empty? -%>
+<% last_index = @item.confirmed_by.size - 1 -%>
+<% @item.confirmed_by.each_with_index do |c, index| -%>
+  <%= c.found_by.to_json %>: {
+    "confidence": <%= c.confidence.to_json %>,
+    "interesting_entries": <%= c.interesting_entries.to_json %>
+  }<% unless index == last_index %>,<% end -%>
+<% end -%>
+<% end -%>
+},
+"vulnerabilities": [
+<% if @item.respond_to?(:vulnerabilities) && !(vulns = @item.vulnerabilities).empty? -%>
+  <% last_index = vulns.size - 1 -%>
+  <% vulns.each_with_index do |v, index| -%>
+  {
+    "title": <%= v.title.to_json %>,
+    "fixed_in": <%= v.fixed_in.to_json %>,
+    "references": <%= v.references.to_json %>
+  }<% unless index == last_index -%>,<% end -%>
+  <% end -%>
+<% end -%>
+]

app/views/json/main_theme/theme.erb

@@ -0,0 +1,7 @@
+<% if @theme -%>
+"main_theme": {
+  <%= render('@theme', theme: @theme, show_parents: true) %>
+},
+<% else -%>
+"main_theme": null,
+<% end -%>

app/views/json/password_attack/users.erb

@@ -0,0 +1,10 @@
+"password_attack": {
+<% unless @users.empty? -%>
+<% last_index = @users.size - 1 -%>
+<% @users.each_with_index do |user, index| -%>
+  <%= user.username.to_json %>: {
+    "password": <%= user.password.to_json %>
+  }<% unless index == last_index -%>,<% end -%>
+<% end -%>
+<% end -%>
+},

app/views/json/theme.erb

@@ -0,0 +1,32 @@
+<%= render('@wp_item', wp_item: @theme) %>,
+"style_url": <%= @theme.style_url.to_json %>,
+"style_name": <%= @theme.style_name.to_json %>,
+"style_uri": <%= @theme.style_uri.to_json %>,
+"description": <%= @theme.description.to_json %>,
+"author": <%= @theme.author.to_json %>,
+"author_uri": <%= @theme.author_uri.to_json %>,
+"template": <%= @theme.template.to_json %>,
+"license": <%= @theme.license.to_json %>,
+"license_uri": <%= @theme.license_uri.to_json %>,
+"tags": <%= @theme.tags.to_json %>,
+"text_domain": <%= @theme.text_domain.to_json %>,
+<%= render('@finding', item: @theme) -%>,
+<% if @theme.version -%>
+"version": {
+  "number": <%= @theme.version.number.to_json %>,
+  "confidence": <%= @theme.version.confidence.to_json %>,
+  <%= render('@finding', item: @theme.version) -%>
+},
+<% else -%>
+"version": null,
+<% end -%>
+"parents": [
+<% if @show_parents && !(parents = @theme.parent_themes).empty? -%>
+<% last_index = parents.size - 1 -%>
+  <% parents.each_with_index do |parent, index| -%>
+  {
+    <%= render('@theme', theme: parent, show_parents: false) -%>
+  }<% unless index == last_index -%>,<% end -%>
+  <% end -%>
+<% end -%>
+]

app/views/json/wp_item.erb

@@ -0,0 +1,9 @@
+"slug": <%= @wp_item.slug.to_json %>,
+"location": <%= @wp_item.url.to_json %>,
+"latest_version": <%= @wp_item.latest_version ? @wp_item.latest_version.number.to_json : nil.to_json %>,
+"last_updated": <%= @wp_item.last_updated.to_json %>,
+"outdated": <%= @wp_item.outdated?.to_json %>,
+"readme_url": <%= @wp_item.readme_url.to_json %>,
+"changelog_url": <%= @wp_item.changelog_url.to_json %>,
+"directory_listing": <%= @wp_item.directory_listing?.to_json %>,
+"error_log_url": <% if @wp_item.error_log? %><%= @wp_item.url('error_log').to_json %><% else %>null<% end %>

app/views/json/wp_version/version.erb

@@ -0,0 +1,8 @@
+<% if @version -%>
+"version": {
+  "number": <%= @version.number.to_json %>,
+  <%= render('@finding', item: @version) -%>
+},
+<% else -%>
+"version": null,
+<% end -%>